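}
// Expiry gate. Only the sentinel -1 means "never expires"; anything else is a unix timestamp.
// NOTE(review): on PHP >= 8.1 PDO_SQLite returns INTEGER columns as native ints, so a strict
// comparison against the string '-1' could never match there and every -1 row was reported as
// expired. Comparing the stringified value keeps the original semantics for both string and int
// rows (a NULL expire still casts to 0 and is treated as expired, exactly as before).
if ((string) $res['expire'] !== '-1' && time() >= (int) $res['expire']) {
    header("HTTP/1.0 410 Gone", true, 410);
    die('410 Gone: this file expired on ' . date(DateTime::ISO8601, (int) $res['expire']));
}
// Password gate: the stored value is the passwordHashV1() digest chosen at upload time.
if (is_string($res['password_hash']) && 0 < strlen($res['password_hash'])) {
    if (!isset($_GET['password'])) {
        header("HTTP/1.0 403 Forbidden", true, 403);
        die('this file is password protected, and no password supplied.');
    }
    // hash_equals() instead of !== so the digest comparison is constant-time. passwordHashV1()
    // returns '' for non-string input (e.g. ?password[]=x), which simply fails the check.
    // NOTE(review): the password travels in the query string, so it lands in access logs,
    // browser history and Referer headers; accepting it from a POST body or a header is safer.
    if (!hash_equals($res['password_hash'], passwordHashV1($_GET['password']))) {
        header("HTTP/1.0 403 Forbidden", true, 403);
        die('wrong password');
    }
}
$fullFilePath = hhb_combine_filepaths($files_folder, $res['local_filename']);
if (!file_exists($fullFilePath)) {
    throw new Exception("CORRUPTED DATABASE! FILE FOR " . var_export($id, true) . ' DOES NOT EXIST!');
}
// data_name is whatever the uploader sent; whatever sanitising happened on upload was not done
// for this header. Strip the characters that would terminate or corrupt a quoted-string
// parameter (header() itself already refuses to emit a header containing a newline).
$downloadName = str_replace(["\r", "\n", "\0", '"', '\\'], '', (string) $res['data_name']);
header('Content-Description: File Transfer');
// file_content_type is also uploader-controlled; nosniff stops browsers from second-guessing it.
header('Content-Type: ' . $res['file_content_type']);
header('X-Content-Type-Options: nosniff');
// RFC 6266: plain filename="" for old clients plus the RFC 5987 form for non-ASCII names.
header('Content-Disposition: attachment; filename="' . $downloadName . '"; filename*=UTF-8\'\'' . rawurlencode($downloadName));
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
// Same string/int tolerance as the expiry check: compression 0 means the file is stored as-is.
if ((string) $res['compression'] === '0') {
    $size = filesize($fullFilePath);
    header('Content-Length: ' . $size);
    // readfile() returns the byte count it streamed (or false); anything but the full size
    // means the client got a truncated body.
    if (($read = readfile($fullFilePath)) !== $size) {
        throw new Exception('Could only read ' . $read . ' bytes of a .' . $size . ' bytes file! id: ' . var_export($id, true));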
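$response->errors[] = 'dataName is invalid, and strict_filename is enabled. can not continue. offending dataName character start at byte offset ' . $failOffset;
return false;
}
// Non-strict mode: fall back to the sanitised name and tell the caller what was changed.
$dataName = sanitizeDataName($dataName);
$response->warnings[] = 'dataName is invalid. offending dataName character start at byte offset ' . $failOffset . '. dataName has been transliterated/sanitized from UTF8 to ASCII with iconv, and truncated to 255 bytes. the new dataName is: ' . $dataName;
}
$response->final_filename = $dataName;
$clientIP = getClientIP();
if (!isset($_GET['response_type']) && !isset($_POST['response_type'])) {
    $responseType = 'json'; // currently unused...
}
// NOTE(review): require_once inside a function only populates $files_folder in this scope the
// first time the file is included anywhere in the request; if getdb.inc.php was already pulled
// in earlier, $files_folder is undefined here. Verify against the callers.
require_once './../getdb.inc.php';
$passwordHash = getPasswordHash();
$localFilename = generateLocalFilename();
$fullFilePath = hhb_combine_filepaths($files_folder, $localFilename);
if (!file_exists($fullFilePath)) {
    // is_string(): a POST field sent as upload_data[] is an array and would make strlen() throw.
    if (isset($_POST['upload_data']) && is_string($_POST['upload_data'])) {
        // Inline upload: the raw POST field is the file body.
        $expectedBytes = strlen($_POST['upload_data']);
        $writtenBytes = file_put_contents($fullFilePath, $_POST['upload_data']);
        if ($expectedBytes !== $writtenBytes) {
            @unlink($fullFilePath); // best-effort cleanup of the partial file
            $response->errors[] = 'internal server error. tried to write ' . var_export($expectedBytes, true) . ' bytes to disk, but could only write ' . var_export($writtenBytes, true) . ' bytes!';
            return false;
        }
    } elseif (isset($_FILES['upload_data']['tmp_name']) && is_string($_FILES['upload_data']['tmp_name'])) {
        // Multipart upload. PHP reports size-limit / partial-upload failures through ['error']
        // while still setting tmp_name to '', so check the code before trying to move anything.
        $uploadError = $_FILES['upload_data']['error'] ?? UPLOAD_ERR_NO_FILE;
        if ($uploadError !== UPLOAD_ERR_OK) {
            $response->errors[] = 'upload failed. PHP reported upload error code ' . var_export($uploadError, true) . '.';
            return false;
        }
        // move_uploaded_file() refuses any path that is not a genuine upload temp file.
        if (!move_uploaded_file($_FILES['upload_data']['tmp_name'], $fullFilePath)) {
            $response->errors[] = 'internal server error. could not move the uploaded file to the files directory.';
            return false;
        }
    } else {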
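<?php
// createdb.php: one-shot bootstrap of the SQLite database and the upload folder.
// Refuses to run if either already exists so an existing installation is never clobbered.
init();
$dbpath = hhb_combine_filepaths(__DIR__, 'simple_fileshare_db.sqlite3');
$filesfolder = hhb_combine_filepaths(__DIR__, 'files_folder') . '/';
if (file_exists($dbpath)) {
    die('db already exist! delete the old db before creating a new 1...');
}
if (is_dir($filesfolder) || file_exists($filesfolder)) {
    // report the folder that is in the way, not the db path
    die('filesfolder already exists! delete the filesfolder before recreating the database. ' . $filesfolder);
}
// drwxrwxr-x. The previous mode 0664 had no search (x) bit, which on a directory means no
// non-root process can create or open files inside it, so the file_put_contents() below failed.
if (!mkdir($filesfolder, 0775)) {
    die('unable to create folder ' . $filesfolder);
}
// NOTE(review): both the upload folder and the .sqlite3 file live in __DIR__. If that directory
// is served by the web server, the placeholder index.html only hides the listing: every stored
// file is still fetchable by its local name (bypassing the password/expiry checks in
// download.php) and the database itself (password hashes, file map) can be downloaded. Keep
// both outside the document root or deny them in the web server configuration.
if (false === file_put_contents(hhb_combine_filepaths($filesfolder, 'index.html'), 'NO AUTOINDEX ON THIS FOLDER!')) {
    die('unable to create file inside folder.');
}
// Probe that the db file is creatable, then truncate it so SQLite starts from an empty file.
if (false === file_put_contents($dbpath, 'test if we can create the db file')) {
    die("Maybe db folder is readonly! cannot create the db file: " . $dbpath);
}
if (false === file_put_contents($dbpath, '')) {
    die("Cannot truncate the dbfile! : " . $dbpath);
}
$db = new PDO('sqlite:' . $dbpath, '', '', [PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// Resolve the schema next to this script rather than the caller's working directory, and check
// the result explicitly: assert() is a no-op when zend.assertions is off, which would let a
// missing file through as `false`.
$schema = file_get_contents(hhb_combine_filepaths(__DIR__, 'sqlite3_schema.sql'));
if (false === $schema) {
    die('unable to read sqlite3_schema.sql next to ' . __FILE__);
}
$configsql = 'INSERT INTO `config` (`id`,`default_compression`,`filesfolder`,`download_api_v1_url`) VALUES(1,0,' . $db->quote($filesfolder) . ',' . $db->quote('https://ratma.net/simple_fileshare/download.php') . ');';
$hash_types_sql = ' INSERT INTO `hash_types` (`id`,`hash_description`) VALUES(1,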
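<?php
require_once 'hhb_.inc.php';
// getdb.inc.php: opens the database and exposes $db, $files_folder, $default_compression and
// $download_url to whichever script includes it.
//
// theoretically, you can use mysql like
//$db = new PDO('mysql:host=localhost;dbname=simple_fileshare_db;charset=utf8', 'username', 'password',
//array(PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
//but for now, its SQLite.
$dbpath = hhb_combine_filepaths(__DIR__, 'simple_fileshare_db.sqlite3');
if (!file_exists($dbpath)) {
    die('dbpath does not exist! create the db with createdb.php first...');
}
$db = new PDO('sqlite:' . $dbpath, '', '', [PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// One query for the whole config row, and an explicit failure if it is missing: the previous
// code indexed `false[0]` three times and silently left all three settings NULL.
$configRow = $db->query('SELECT `filesfolder`, `default_compression`, `download_api_v1_url` FROM `config` WHERE `id` = 1;')->fetch(PDO::FETCH_ASSOC);
if (!is_array($configRow)) {
    die('config row 1 is missing from the db! re-create the db with createdb.php...');
}
$files_folder = $configRow['filesfolder'];
$default_compression = (int) $configRow['default_compression'];
$download_url = $configRow['download_api_v1_url'];

/**
 * Version-1 password digest as stored in the database:
 * base64( sha1( sha256(password) ) ) with '+', '/', '=' mapped to '-', '_', '.'
 * so the result is safe in URLs and filenames.
 *
 * Non-string or empty input yields '' so a missing or garbled password can never
 * match a stored digest. Compare the result with hash_equals(), never with ===/!==.
 *
 * NOTE(review): this is an unsalted, fast hash, so stored values are cheap to
 * brute-force offline. It cannot be changed in place without invalidating every
 * digest already in the db; a v2 built on password_hash()/password_verify(),
 * selected per row (the `hash_types` table createdb.php seeds looks like the hook
 * for that), is the upgrade path.
 *
 * @param mixed $password raw password as supplied by the client
 * @return string the digest, or '' for non-string/empty input
 */
function passwordHashV1($password): string
{
    if (!is_string($password) || 0 >= strlen($password)) {
        return '';
    }
    $digest = hash('sha1', hash('sha256', $password, true), true);
    return str_replace(['+', '/', '='], ['-', '_', '.'], base64_encode($digest));
}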